One of the big challenges in the Internet of Things is securing end-points. That’s nothing new: enterprises have been struggling to secure Windows desktops, laptops and servers for decades now.
The challenge with the IoT is both bigger and more complicated than that. For one thing, there will be many, many more endpoints on the IoT than there ever were on your conventional IT network – more by a factor of 10 or 100 or 1000.
The other challenge is that the endpoints will be heterogeneous. Some might be running embedded Linux, Android or some other, obscure RTOS (real-time operating system). Some may even be running Windows, if Redmond gets its way. They might be low-value assets unworthy of, or unready for, fat, expensive endpoint security suites. But unimportant endpoints can still be stepping stones to other, more important assets in an IoT environment: IoT hubs, cloud-based management servers, or other, more valuable endpoints.
So how to secure them? One idea is to leverage virtualization to isolate sensitive data and functions on an IoT device and shield them from would-be hackers. That’s the spirit behind the news on Tuesday from the Prpl (pronounced “Purple”) Foundation of the debut of prplHypervisor, described as a lightweight open source hypervisor specifically designed to provide security through separation for the billions of embedded connected devices that power the Internet of Things.
Prpl is a non-profit foundation promoting open source and supporting the MIPS architecture with a goal of “enabling next-generation datacenter-to-device portable software and virtualized architectures.” Members include Qualcomm, Cavium, Intercede, Broadcom, Elliptic and others. The group has staked out a focus in areas such as datacenter, networking and storage, connected consumer and embedded devices and the Internet of Things (IoT).
According to a statement from the group, prplHypervisor™ uses hardware virtualization to create multiple, distinct and secure domains on any given endpoint. The prplHypervisor will allow bare metal applications and rich operating systems to “operate independently and securely within these domains.” That, in turn, will eliminate “lateral movement” within the IoT endpoint and ecosystem without inhibiting inter-VM (virtual machine) communications, the group said.